UCD-SNMPAdded 2002-04-23by UC-Davis, ucd-snmp-coders@ece.ucdavis.edu
Various tools relating to the Simple Network Management Protocol including:
- An extensible agent
- An SNMP library
- tools to request or set information from SNMP agents
- tools to generate and handle SNMP traps
- a version of the unix 'netstat' command using SNMP
- a Tk/perl mib browser
This package was originally based on the Carnegie Mellon University SNMP implementation, but has been greatly enhanced, ported, fixed, made easier to use and barely resembles the original package anymore.

BubblegumAdded 2002-04-17by bjk
Bubblegum is a daemon written in C which watches a file's access, modification, and inode change times, and logs the changes. It can run a command (a specified number of times) with info expansions, read files from a filelist, and more.

EtherApeAdded 2002-04-14by Juan Toledo, toledo@users.sourceforge.net
EtherApe is a GNOME/pcap-based etherman, interman, and "tcpman" clone. It displays network activity graphically. Active hosts are shown as circles of varying size, and traffic among them is shown as lines of varying width. It supports Ethernet, FDDI, Token Ring, ISDN, PPP, and SLIP. Additional statistics windows will let you concentrate on protocols or nodes.

SnortAdded 2002-04-10by Martin Roesch, roesch@clark.net
Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capabilty, with alerts being sent to syslog, a seperate "alert" file, or as a WinPopup message via Samba's smbclient.

amapAdded 2002-03-12by Dr. RevMoon and van Hauser
Amap is a scanning tool that allows you to identify the applications that are running on (a) specific port(s). It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (i.e. SSL). Amap then looks up the response in a list and prints out any match it finds. Adding new response identifications can be done just by adding them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some oracle listener on port 233.

integritAdded 2002-02-20by ecashin
integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.

AIDE (Advanced Intrusion Detection Environment)Added 2002-02-11by Rami Lehti and Pablo Virolainen
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determening which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

OpenSSL for RubyAdded 2002-02-06by Michal Rokos
The OpenSSL for Ruby project (OSSL) binds the well known OpenSSL library to the fully objective scripting language Ruby.